From d4aa9c0058c794d6259248187bd5896cb40eea29 Mon Sep 17 00:00:00 2001 From: Song Liu Date: Fri, 17 Oct 2025 11:49:45 -0700 Subject: [PATCH] ftrace: Fix BPF fexit with livepatch When livepatch is attached to the same function as bpf trampoline with a fexit program, bpf trampoline code calls register_ftrace_direct() twice. The first time will fail with -EAGAIN, and the second time it will succeed. This requires register_ftrace_direct() to unregister the address on the first attempt. Otherwise, the bpf trampoline cannot attach. Here is an easy way to reproduce this issue: insmod samples/livepatch/livepatch-sample.ko bpftrace -e 'fexit:cmdline_proc_show {}' ERROR: Unable to attach probe: fexit:vmlinux:cmdline_proc_show... Fix this by updating direct_functions hash after register_ftrace_function_nolock succeeds. Fixes: d05cb470663a ("ftrace: Fix modification of direct_function hash while in use") Cc: stable@vger.kernel.org # v6.6+ Reported-by: Andrey Grodzovsky Closes: https://lore.kernel.org/live-patching/c5058315a39d4615b333e485893345be@crowdstrike.com/ Cc: Steven Rostedt (Google) Cc: Masami Hiramatsu (Google) Signed-off-by: Song Liu --- kernel/trace/ftrace.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c index a69067367c29..82a06b7d0268 100644 --- a/kernel/trace/ftrace.c +++ b/kernel/trace/ftrace.c @@ -6038,16 +6038,18 @@ int register_ftrace_direct(struct ftrace_ops *ops, unsigned long addr) } } - free_hash = direct_functions; - rcu_assign_pointer(direct_functions, new_hash); - new_hash = NULL; - ops->func = call_direct_funcs; ops->flags = MULTI_FLAGS; ops->trampoline = FTRACE_REGS_ADDR; ops->direct_call = addr; err = register_ftrace_function_nolock(ops); + if (err) + goto out_unlock; + + free_hash = direct_functions; + rcu_assign_pointer(direct_functions, new_hash); + new_hash = NULL; out_unlock: mutex_unlock(&direct_mutex); -- 2.47.3